Bookmarks Menu

Bookmarks Toolbar

Bookmarks Toolbar

offensive-bookmarks

OSINT

individuals

PimEyes: Face Recognition Search Engine and Reverse Image Search
Username Search - Social Media Profile Lookup - IDCrawl
CheckUsernames - Social Media Username Search by KnowEm
FaceCheck - Reverse Image Search - Face Recognition Search Engine
NameCheckup - Find Available Username
WhatsMyName Web
pictriev, face search engine

companies

crt.sh | Certificate Search
DNSdumpster.com - dns recon and research, find and lookup dns records
28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
Phonebook.cz - Intelligence X
WHOIS Search, Domain Name, Website, and IP Tools - Who.is
intoDNS: checks DNS and mail servers health
URL and website scanner - urlscan.io
Webpage archive
Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
BuiltWith Technology Lookup
Hurricane Electric BGP Toolkit
WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
PageSpeed Insights
Entrust Certificate Search - Entrust, Inc.
Analyse your HTTP response headers
IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Crunchbase: Discover innovative companies and the people behind them
OSINT.SH - All in one Information Gathering Tools
MAC Address Vendor Lookup | MAC Address Lookup
Home | MAC Vendor Lookup Tool & API | MACVendors.com

emails

Have I Been Pwned: Check if your email has been compromised in a data breach
Temp Mail – The Best Temp Email Inbox
Temp Mail - Temporary Email
Find email addresses in seconds • Hunter (Email Hunter)
Epieos, the ultimate OSINT tool
Email Reputation Check, Email Risk Score Check | APIVoid
Email Finder • Free email search for B2B sales | Snov.io

search engines

Shodan Search Engine
Exposure Management and Threat Hunting Solutions | Censys
Google
Yandex
Yahoo Search - Web Search
DuckDuckGo — Privacy, simplified.
Home - ZoomEye really mapping,global leader of cyberspace mapping
GreyNoise Visualizer
SerpApi: Google Search API
Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon

geolocation

Locate IP Address Lookup
Online photo metadata and EXIF data viewer | Jimpl
Photo Location & Online EXIF Data Viewer - Pic 2 Map

cameras

Insecam - World biggest online cameras directory
EarthCam - Webcam Network

wireless

WiGLE: Wireless Network Mapping

OSINT Framework
jivoi/awesome-osint: A curated list of amazingly awesome OSINT
smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

cheat sheets

web

payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
https://security.love/CSRF-PoC-Genorator/
Bug Bounty Cheatsheet
swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)

GTFOBins
LOLBAS
HackTricks - HackTricks
blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
File Signatures
explainshell.com - match command-line arguments to their help text
Cheat Sheets | pentestmonkey
Red Teaming Toolkit Collection -

malware development

code repos

adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
tarcisio-marinho/GonnaCry: A Linux Ransomware
EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
cdong1012/Rust-Ransomware: Ransomware written in Rust
cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
MalDev101/Loveware: Community driven computer worm
LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
rootkit-io/awesome-malware-development: Organized list of my malware development resources
sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Mr-Un1k0d3r/UniByAv
govolution/avet: AntiVirus Evasion Tool
gentilkiwi/mimikatz: A little tool to play with Windows security
huntergregal/mimipenguin: A tool to dump the login password from the current linux user
skelsec/pypykatz: Mimikatz implementation in pure Python
mkaring/ConfuserEx: An open-source, free protector for .NET applications
tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
s9rA16Bf4/go-evil: Customizing evil has never been so easy
S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
hfiref0x/UACME: Defeating Windows User Account Control

blogs

TheXcellerator
vx-underground
0xPat blog – Red/purple teamer
The Wover – Red Teaming, .NET, and random computing topics
cocomelonc
Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
TMZ Lair - Underground Coding
The Art of Malware
Evasion techniques
https://smarinovic.github.io/
Capt. Meelo
How to Build Obfuscated Macros for your Next Social Engineering Campaign
Malicious Macros for Script Kiddies - TrustedSec
XIT – Medium
Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
Creating a Rootkit to Learn C - The Human Machine Interface
(nearly) Complete Linux Loadable Kernel Modules
Engineering antivirus evasion – Sec Team Blog
Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
A Brief Survey of Code Obfuscation Techniques
100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland

youtube

(6) TheSphinx - YouTube
(6) Joey Abrams - YouTube
(6) w3w3w3 - YouTube
(6) Cosmodium CyberSecurity - YouTube
(6) crow - YouTube
(6) ActiveXSploit - YouTube

AMSI.fail

malware analysis

tools

matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
Feodo Tracker
SSLBL | Detecting malicious SSL connections
URLhaus | Malware URL exchange
ThreatFox | Share Indicators Of Compromise (IOCs)
Sysinternals Utilities - Sysinternals | Microsoft Learn

sandboxes

ANY.RUN - Interactive Online Malware Sandbox
Free Automated Malware Analysis Service - powered by Falcon Sandbox
VirusTotal - Home

resources

ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Malpedia (Fraunhofer FKIE)
MalwareBazaar | Malware sample exchange
Vitali Kremez | Ethical Hacker | Reverse Engineer
zerosum0x0
MalwareTech
albertzsigovits/malware-writeups: Personal research and publication on malware families
kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
MalShare
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

shells

Online - Reverse Shell Generator
php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell

miscellaneous

CyberChef
WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
4shared.com - free file sharing and storage
Transfer Big Files Free - Email or Send Large Files
Pastebin.com - #1 paste tool since 2002!
Barcode Reader. Free Online Web Application
rot13.com
Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
Brainfuck Language - Online Decoder, Translator, Interpreter
Online JavaScript beautifier
iLovePDF | Online PDF tools for PDF lovers
Compress JPEG Images Online
Compress images online - Reduce your image size online and for free

blogs & resources

blogs

Hacking Articles - Raj Chandel's Blog
Web Security Blog - PortSwigger
The DigiNinja Blog - DigiNinja
Blog | hackers-arise
Home | S3cur3Th1sSh1t
TECH BLOG — Improsec | improving security
Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
Shell is Only the Beginning
ihazomgsecurityskillz
Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
Help Net Security - Cybersecurity News
NCC Group Research Blog | Making the world safer and more secure
Research | Trellix Stories
Andrey Konovalov | Andrey Konovalov
The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
Guide To Using Reverse Image Search For Investigations - bellingcat

youtube

(6) Marcus Hutchins - YouTube
(6) Black Hat - YouTube
(6) DEFCONConference - YouTube
(6) IppSec - YouTube
(6) John Hammond - YouTube
(6) NetworkChuck - YouTube
(6) The Cyber Mentor - YouTube
(6) HackerSploit - YouTube
(6) David Bombal - YouTube
(6) InsiderPhD - YouTube
(6) jhaddix - YouTube
(6) Tom Hudson - YouTube
(6) STÖK - YouTube
(6) Hak5 - YouTube
(6) Null Byte - YouTube
(6) LiveOverflow - YouTube
(6) NahamSec - YouTube
(6) zSecurity - YouTube

MITRE ATT&CK®

forums

0x00sec - The Home of the Hacker

obfuscation

command prompt

danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness

python

Oxyry Python Obfuscator - The most reliable python obfuscator in the world
pyarmor · PyPI
PyObfx/PyObfx: Python Obfuscator & Packer

php

PHP Obfuscator

powershell

danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

javascript

JS Obfuscator

C/C++

C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online

.NET

yck1509/ConfuserEx: An open-source, free protector for .NET applications

privilege escalation

windows

PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
bitsadmin/wesng: Windows Exploit Suggester - Next Generation
GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

linux

PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script

passwords, hashes & wordlists

default passwords

Default Passwords | CIRT.net
List of Router Default Passwords For All Brands [Tried & Tested]

wordlists

Mebus/cupp: Common User Passwords Profiler (CUPP)
danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Assetnote Wordlists
digininja/CeWL: CeWL is a Custom Word List Generator

cracking

Hashkiller.io - List Manager
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
SHAttered
Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
example_hashes [hashcat wiki]
Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
Md5 Online Decrypt & Encrypt - Compare your hash with our Database
Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online

practice

TryHackMe | Cyber Security Training
Hack The Box: Hacking Training For The Best | Individuals & Companies
Vulnerable By Design ~ VulnHub
Web Security Academy: Free Online Training from PortSwigger
OverTheWire: Wargames
Command Challenge!
Proving Grounds: Virtual Pentesting Labs | Offensive Security
Virtual Hacking Labs | Penetration Testing Training Labs & Courses
Hack This Site
PentesterLab: Our exercises
HBH: Learn how hackers break in, and how to keep them out.
Free Cybersecurity Training and Career Development | Cybrary
https://amanhardikar.com/mindmaps/Practice.html

Bookmarks Toolbar

linuxPrivilegeEscalation

PayloadsAllTheThings/Methodology and Resources/Linux - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThings · GitHub

PentestGPT
ChatGPT
FreeTraining
explainshell
hackSplaining
TempMail
Shodan
live - Google Drive
PatrikHudak
Keep
Shell
Translate
bWAPP
Tecmint
Hacker101 CTF
SecurityZines
CySec
Notion

Other Bookmarks

GitHub

CTF

GitHub - apsdehal/awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares
GitHub - SandySekharan/CTF-tool: A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.
GitHub - SanketBaraiya/ctf-writeup: All Write-up pushed by RasyidMF. This repository is created for private or public learning purposes
GitHub - SanketBaraiya/CTFlearn-Solutions: Writeups Of CTFlearn Challenges
GitHub - MrMugiwara/CTF-Tools: Useful CTF Tools
GitHub - Ignitetechnologies/Vulnhub-CTF-Writeups: This cheasheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.
Aperi'Solve
Recommended Tools for CTF – Howard University CyberSecurity Center (internal student wiki)
GitHub - RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
GitHub - ius/rsatool: rsatool can be used to calculate RSA and RSA-CRT parameters

Bug Hunting github

GitHub - EdOverflow/bugbounty-cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
GitHub - infoslack/awesome-web-hacking: A list of web application security
GitHub - ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
GitHub - djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
GitHub - devanshbatham/Awesome-Bugbounty-Writeups: A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
GitHub - dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
GitHub - foospidy/payloads: Git All the Payloads! A collection of web attack payloads.
GitHub - alexbieber/Bug_Bounty_writeups: BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
GitHub - s0md3v/AwesomeXSS: Awesome XSS stuff
GitHub - HernanRodriguez1/Dorks-Shodan-2023: Shodan Dorks 2023
GitHub - errorfiathck/ssrf-exploit: an exploit of Server-side request forgery (SSRF)
GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
GitHub - robotshell/magicRecon: MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
GitHub - KingOfBugbounty/KingOfBugBountyTips: Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
vavkamil/awesome-bugbounty-tools: A curated list of various bug bounty tools
un9nplayer/AutoRecon-XSS: AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extracts potential vulnerable URLs, and checks them for XSS vulnerabilities.
daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)
NafisiAslH/KnowledgeSharing
devanshbatham/Awesome-Bugbounty-Writeups: A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
GitHub - mandatoryprogrammer/xsshunter-express: An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
GitHub - payloadbox/command-injection-payload-list: 🎯 Command Injection Payload List

Hacking

OSINT

GitHub - jivoi/awesome-osint: :scream: A curated list of amazingly awesome OSINT
GitHub - SharadKumar97/OSINT-SPY: Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. If you want to ask something please feel free to reach out to me at robotcoder@protonmail.com

GitHub - giuliacassara/awesome-social-engineering: A curated list of awesome social engineering resources.
GitHub - carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources
GitHub - secfigo/Awesome-Fuzzing: A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

WordLists

GitHub - orwagodfather/My-WordLISTs
GitHub - TheSpeedX/PROXY-List: Get PROXY List that gets updated everyday
orwagodfather/WordList
orwagodfather/My-WordLISTs
orwagodfather/My-Cool-WordList-For-Fuzz-and-Bugs
payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Awesome-Hacking/README.md at master · Hack-with-Github/Awesome-Hacking · GitHub

MindMaps

GitHub - imran-parray/Mind-Maps: Mind-Maps of Several Things
GitHub - jassics/security-study-plan: Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
GitHub - iSPYadav01/Linux-Tutorials-and-Installation: Installation of Various Tools,Application and Operating System
GitHub - Ignitetechnologies/Web-Application-Cheatsheet: This cheatsheet is aimed at the CTF Players and Beginners to help them understand Web Application Vulnerablity with examples.
Ignitetechnologies/Mindmap: This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them
sam5epi0l/Beginner-Bug-Bounty-Automation: Many script that can be modified according to your needs for Information Gathering and Asset discovery in Bug Bounty Hunting (Pull requests are welcome!)

WriteUps

GitHub - 1hack0/Facebook-Bug-Bounty-Write-ups: Hunting Bugs for Fun and Profit

GitHub - gauravnarwani97/Trishul: Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.
GitHub - Dheerajmadhukar/back-me-up: This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
GitHub - hasanfirnas/symbiote: Your target's phone's front and back cameras📸 can be accessed by sending a link🔗.
GitHub - hakluke/hakip2host: hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
GitHub - luong-komorebi/Awesome-Linux-Software: 🐧 A list of awesome Linux softwares
GitHub - hahwul/WebHackersWeapons: ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Cyber-Guy1 (Cyber Guy) · GitHub
tomnomnom (tomnomnom) / Repositories
hahwul (hahwul) / Repositories
zigoo0/ArabicWebAppsPentesting: This repo will contain POC, demo files, and any links given during the Arab web application penetration testing course.

Bug Hunting

Bug Bounty Tips - InfosecMatter
DistroWatch.com: Put the fun back into computing. Use Linux, BSD.

Tools

GitHub - zidansec/subscan: Subscan is a simple tool for subdomain scanner, it can scan subdomains fast.
GitHub - dwisiswant0/crlfuzz: A fast tool to scan CRLF vulnerability written in Go
GitHub - HalilDeniz/Dosinator: DoSinator is a powerful Denial of Service (DoS) testing tool developed in Python.
GitHub - SirCryptic/wardriver: bash script to automate wardriving tasks. (Wi-Fi & Bluetooth)
GitHub - mzfr/liffy: Local file inclusion exploitation tool
GitHub - r3nt0n/bopscrk: Generate smart and powerful wordlists
GitHub - RustScan/RustScan: 🤖 The Modern Port Scanner 🤖
GitHub - un1cum/Beast_Bomber: The best open source bomber / Лучший open source бомбер
grep.app | code search
Pricing | FullHunt
Pipl | The world’s #1 source for digital identity and trust data
LeakIX - About
Netlas
searchcode | source code search engine
URL and website scanner - urlscan.io
Home - SOCRadar® Extended Threat Intelligence
BinaryEdge
IVRE — Network recon framework
Threat Intelligence - Pulsedive
Netlas
Exposure Management and Threat Hunting Solutions | Censys
Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
Pastebin.com - #1 paste tool since 2002!
Bug Bounty Helper
Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
Certbot
Have I Been Pwned: Pwned Passwords
Censys Search
Hunter Search Engine
HTML5 Security Cheatsheet
Most recent entries - CVE-Search
ViewDNS.info - Your one source for DNS related tools!
Google Hacking DB
Google Hacking - Free Google Dorks for Recon - Pentest-Tools.com
XSS Scanner - Online Scan for Cross-site Scripting Vulnerabilities
404 Not Found
CVE - CVE
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Hash Type Identifier - Identify unknown hashes
Entrust Certificate Search - Entrust, Inc.
CyberChef
Vulnerability & Exploit Database - Rapid7

bug bounty platforms

FireBounty | The Ultimate Vulnerability Disclosure Policy and Bug Bounty List!
Synack | Premier Security Testing Platform
Intigriti - Bug Bounty & Agile Pentesting Platform
#1 Crowdsourced Cybersecurity Platform | Bugcrowd
Global Bug Bounty & Vulnerability Management Platform | YesWeHack
HackerOne | #1 Trusted Security Platform and Hacker Program
Login - Hackenproof
Coordinated Vulnerability Disclosure programs
漏洞盒子 - 中国领先的漏洞平台与白帽社区|安全众测与安全运营服务平台
Bug Bounty
Blockchain Security Services Company - Web3, Crypto, DeFi | Hacken
https://detectify.com/
Google and Alphabet Vulnerability Reward Program (VRP) Rules - Rules - About - Google Bug Hunters
Pentest as a Service | Cobalt
Free Bug Bounty Program and Coordinated Vulnerability Disclosure | Open Bug Bounty
VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform - INDEX
Yogosha | VOC / Vulnerability Operations Center
CyberArmyID | #1 Crowdsourced Cyber Security Platform in Indonesia
Antihack | Website Vulnerability Finders
Red Storm Entertainment
BugBounty.jp

engine

BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
CVE Database - Security Vulnerabilities and Exploits | Vulners.com
ONYPHE | Attack Surface Management & Cyber Defense Search Engine
FOFA Search Engine
Search Engine for Source Code - PublicWWW.com
BinaryEdge Portal
GreyNoise Visualizer
ZoomEye - Cyberspace Search Engine
netograph.io ~ mapping the deep structure of the web.
WiGLE: Wireless Network Mapping
Intelligence X
Domain Search
Have I Been Pwned: Check if your email has been compromised in a data breach
crt.sh | Certificate Search
DNSdumpster.com - dns recon and research, find and lookup dns records

Practice

CTF365 - Capture The Flag | Security Training Platform
Hacking-Lab
http://pwnable.kr/
io.netgarage.org
SmashTheStack Wargaming Network
Microcorruption
Reversing.Kr
Hack This Site
Welcome – W3Challs Hacking Challenges
Home - RingZer0 Online CTF
HBH: Learn how hackers break in, and how to keep them out.
CTFtime.org / All about CTF (Capture The Flag)
Bienvenue [Root Me : plateforme d'apprentissage dédiée au Hacking et à la Sécurité de l'Information]
Game of Hacks | Checkmarx
Web Application Exploits and Defenses
How to Catch a Cheater Effortlessly
An Interactive Cyber Security Platform | Defend the Web
Attack-Defense Online Lab
alert(1) to win
Capture the Flag - Application Security Challenge
Command Challenge!
Exploit Education :: Andrew Griffiths' Exploit Education
Google CTF
Hack The Box: Hacking Training For The Best | Individuals & Companies
Hacker101 CTF
Capture The Flag - CTF - A maior plataforma do Brasil - HackerSec
Cybersecurity Training To Face Evolving Threats - Immersive Labs
OverTheWire: Wargames
PentesterLab: Learn Web Penetration Testing: The Right Way
https://www.amanhardikar.com/mindmaps/Practice.html
picoCTF - CMU Cybersecurity Competition
https://pwnable.kr/play.php
The 2022 SANS Holiday Hack Challenge
Penetration test lab "Test lab" | Pentestit
https://academy.hackaflag.com.br/
https://labs.wizard-security.net/
http://ctf.rootinjail.com/
DownUnderCTF
Hack This Site
CTF365 - Capture The Flag | Security Training Platform
Web Application Exploits and Defenses
Supercar Showdown - Supercar Showdown
flAWS
CertMaster Learn + Labs Trial | CompTIA IT Certifications

hacking writeups

Pentesting Wifi - HackTricks
80,443 - Pentesting Web Methodology - HackTricks
External Recon Methodology - HackTricks
Pentesting Methodology - HackTricks
Web Penetration Testing - Hacking Articles

burp suite

emadshanab/Burp-Bounty-free-Profiles-Collection

linuxPrivilegeEscalation

Checklists/Linux-Privilege-Escalation.md at master · netbiosX/Checklists · GitHub
Privilege Escalation - Linux · Total OSCP Guide
Linux Privilege Escalation Guide(Updated for 2023)
GitHub - Cerbersec/scripts: Collection of useful scripts and word lists
GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
PEASS-ng/linPEAS at master · peass-ng/PEASS-ng · GitHub
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
GitHub - The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
GitHub - linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script

New Folder

windowsPrivilegeEscalation

PayloadsAllTheThings/Methodology and Resources/Windows - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThings · GitHub
GitHub - gtworek/Priv2Admin: Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
GitHub - antonioCoco/RogueWinRM: Windows Local Privilege Escalation from Service Account to System
Potatoes - Windows Privilege Escalation · Jorge Lajara Website
Decoder's Blog – IT Security Tips and Tricks
Windows Local Privilege Escalation | HackTricks

OSINT Services

Air & Space Tracking

ADSB Exchange
Flightware
Radarbox
Airportia
HabHub
Satellite Map
SatelliteXplorer
Live Satellite Worldmap

Land & Sea Tracking

Open Railway
Mobility Portal
Open Train Times
Open Satellite World Map

Camera Tracking

Insecam
World Webcams
EarthCam
fisgonia
WorldCam
OpenTopia
Live Iceland Cams

Search Engines

Shodan
Censys
GreyNoise
ZoomEye
Hunter.IO
Wireless Device Database

Vuln DB

Exploit DB
Wordpress Vulnerabilities WPScan
WordPress Vulnerability Database
National Vuln Database
CVE Details
Packetstorm
VulnDB
CXSecurity Exploit Database
Vulnerability Lab

Privacy and Security

Electronic Frontier Foundation
Surveillance Self Defense
Email Privacy Self Defense
GnuPG - HOWTOs
Tor Project
Onion Links
DeepL Translator
E2E Cloud Storage
Quad9 DNS
PrivacyTools

Learning Resources

Programming

Learn Bash
Learn Python
Learn Go
Learn Nim
Learn C
Learn C++
Learn NodeJS
Learn Java
Learn PHP

System and Networking

Linux Journey
Linux Training
Debian Handbook
Arch Linux Wiki
Networking Basics
Networking Tutorials
Data Communication and Computer Network

Training Labs

Binary Exploit Training
RIPSEC Binary Exploit Training
Exploit Education Labs
PortSwigger Web Exploit Lab
PentesterLab
OWASP WebGoat
OWASP Secure Coding Dojo

Materials

Open Security Training
Pentest Standard
OWASP Checklist
Computer Security Student Tutorials
Binary Exploit Learn
GTFO Bins
OWASP Pentest Checklist
Parrot Open Books Collection
Free Computer Books

Blogs and Researches

Linux Privilege Escalation Cheatsheet 0xsp
Linux Privilege Escalation Cheatsheet Redtm
Offensive Windows IPC part 1: Named Pipes
Offensive Windows IPC part 2: RPC
Offensive Windows IPC part 3: ALPC
Avoiding Memory Scanners
s3cur3th1ssh1t Blog
VX Underground
Kernel Driver Exploit: System Mechanic
Attacking Active Directory
Black Hills InfoSec Blog
x86Matthew Blog
Sam Curry Blog
Connor McGarr Blog
ElectroVolt: Pwning Popular Desktop Apps

Hack The Box

Hack The Box Home
Hacking Labs
Hack The Box Forum
CyberSec Careers
Hack The Box training
Hack The Box Blog
Hack The Box Guides

OSINT

individuals

PimEyes: Face Recognition Search Engine and Reverse Image Search
Username Search - Social Media Profile Lookup - IDCrawl
CheckUsernames - Social Media Username Search by KnowEm
FaceCheck - Reverse Image Search - Face Recognition Search Engine
NameCheckup - Find Available Username
WhatsMyName Web
pictriev, face search engine

companies

crt.sh | Certificate Search
DNSdumpster.com - dns recon and research, find and lookup dns records
28 Online Vulnerability Scanners & Network Tools | HackerTarget.com
Phonebook.cz - Intelligence X
WHOIS Search, Domain Name, Website, and IP Tools - Who.is
intoDNS: checks DNS and mail servers health
URL and website scanner - urlscan.io
Webpage archive
Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
BuiltWith Technology Lookup
Hurricane Electric BGP Toolkit
WordPress Recon and Security Testing | wprecon.com – Online WordPress Testing Tool to discover security related information and configuration issues.
PageSpeed Insights
Entrust Certificate Search - Entrust, Inc.
Analyse your HTTP response headers
IP and Domain Reputation Center || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Crunchbase: Discover innovative companies and the people behind them
OSINT.SH - All in one Information Gathering Tools
MAC Address Vendor Lookup | MAC Address Lookup
Home | MAC Vendor Lookup Tool & API | MACVendors.com

emails

Have I Been Pwned: Check if your email has been compromised in a data breach
Temp Mail – The Best Temp Email Inbox
Temp Mail - Temporary Email
Find email addresses in seconds • Hunter (Email Hunter)
Epieos, the ultimate OSINT tool
Email Reputation Check, Email Risk Score Check | APIVoid
Email Finder • Free email search for B2B sales | Snov.io

search engines

Shodan Search Engine
Exposure Management and Threat Hunting Solutions | Censys
Google
Yandex
Yahoo Search - Web Search
DuckDuckGo — Privacy, simplified.
Home - ZoomEye really mapping,global leader of cyberspace mapping
GreyNoise Visualizer
SerpApi: Google Search API
Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon

geolocation

Locate IP Address Lookup
Online photo metadata and EXIF data viewer | Jimpl
Photo Location & Online EXIF Data Viewer - Pic 2 Map

cameras

Insecam - World biggest online cameras directory
EarthCam - Webcam Network

wireless

WiGLE: Wireless Network Mapping

OSINT Framework
jivoi/awesome-osint: A curated list of amazingly awesome OSINT

cheat sheets

web

payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
https://security.love/CSRF-PoC-Genorator/
Bug Bounty Cheatsheet
swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
dwisiswant0/awesome-oneliner-bugbounty: A collection of awesome one-liner scripts especially for bug bounty tips.
daffainfo/AllAboutBugBounty: All about bug bounty (bypasses, payloads, and etc)

GTFOBins
LOLBAS
HackTricks - HackTricks
blackc03r/OSCP-Cheatsheets: OSCP Cheatsheets
Nmap Cheat Sheet 2023: All the Commands, Flags & Switches
infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft activity
File Signatures
explainshell.com - match command-line arguments to their help text
Cheat Sheets | pentestmonkey
Red Teaming Toolkit Collection -

malware development

code repos

adamyaxley/Obfuscate: Guaranteed compile-time string literal obfuscation header-only library for C++14
JustasMasiulis/inline_syscall: Inline syscalls made easy for windows on clang
cinzinga/Evasion-Practice: A variety of AV evasion techniques written in C# for practice.
jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
tarcisio-marinho/GonnaCry: A Linux Ransomware
EgeBalci/EGESPLOIT: EGESPLOIT is a golang library for malware development
cobbr/SharpSploit: SharpSploit is a .NET post-exploitation library written in C#
not-sekiun/PyIris: PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
dmdhrumilmistry/pyhtools: A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.
cdong1012/Rust-Ransomware: Ransomware written in Rust
cocomelonc/peekaboo: Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.
safesploit/PythonRAT: Command and Control (C2) server with backdoor acting as Remote Administration Trojan (RAT) written in Python3
MrTuxx/OffensiveGolang: A collection of offensive Go packages inspired by different Go repositories.
EddieIvan01/memexec: A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
Mahmoud7Osman/CVenom: CVenom is An Ultra Easy-To-Use Cross-Platform Malware Development Framework For Advanced Malware Development
alichtman/malware-techniques: A collection of techniques commonly used in malware to accomplish core tasks.
MalDev101/Loveware: Community driven computer worm
LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
rootkit-io/awesome-malware-development: Organized list of my malware development resources
sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
outflanknl/EvilClippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
Mr-Un1k0d3r/UniByAv
govolution/avet: AntiVirus Evasion Tool
gentilkiwi/mimikatz: A little tool to play with Windows security
huntergregal/mimipenguin: A tool to dump the login password from the current linux user
skelsec/pypykatz: Mimikatz implementation in pure Python
mkaring/ConfuserEx: An open-source, free protector for .NET applications
tkmru/awesome-linux-rootkits: a summary of linux rootkits published on GitHub
CheckPointSW/Evasions: Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
3intermute/linux_syscall_hook: system call hooking on arm64 linux via a variety of methods
packing-box/awesome-executable-packing: A curated list of awesome resources related to executable packing
ElliotAlderson51/Fsociety-RAT: Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)
s9rA16Bf4/go-evil: Customizing evil has never been so easy
S3cur3Th1sSh1t/OffensiveVBA: This repo covers some code execution and AV Evasion methods for Macros in Office documents
S3cur3Th1sSh1t/Amsi-Bypass-Powershell: This repo contains some Amsi Bypass methods i found on different Blog Posts.
hfiref0x/UACME: Defeating Windows User Account Control

blogs

TheXcellerator
vx-underground
0xPat blog – Red/purple teamer
The Wover – Red Teaming, .NET, and random computing topics
cocomelonc
Malware Development – Welcome to the Dark Side: Part 1 - Checkmate
TMZ Lair - Underground Coding
The Art of Malware
Evasion techniques
https://smarinovic.github.io/
Capt. Meelo
How to Build Obfuscated Macros for your Next Social Engineering Campaign
Malicious Macros for Script Kiddies - TrustedSec
XIT – Medium
Linux.Midrashim: Assembly x64 ELF virus | TMZ Lair - Underground Coding
Creating a Rootkit to Learn C - The Human Machine Interface
(nearly) Complete Linux Loadable Kernel Modules
Engineering antivirus evasion – Sec Team Blog
Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader
A Brief Survey of Code Obfuscation Techniques
100% evasion - Write a crypter in any language to bypass AV – Sam's Hacking Wonderland

youtube

(6) TheSphinx - YouTube
(6) Joey Abrams - YouTube
(6) w3w3w3 - YouTube
(6) Cosmodium CyberSecurity - YouTube
(6) crow - YouTube
(6) ActiveXSploit - YouTube

AMSI.fail

malware analysis

tools

matterpreter/DefenderCheck: Identifies the bytes that Microsoft Defender flags on.
rasta-mouse/ThreatCheck: Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
Feodo Tracker
SSLBL | Detecting malicious SSL connections
URLhaus | Malware URL exchange
ThreatFox | Share Indicators Of Compromise (IOCs)
Sysinternals Utilities - Sysinternals | Microsoft Learn

sandboxes

ANY.RUN - Interactive Online Malware Sandbox
Free Automated Malware Analysis Service - powered by Falcon Sandbox
VirusTotal - Home

resources

ytisf/theZoo: A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Malpedia (Fraunhofer FKIE)
MalwareBazaar | Malware sample exchange
Vitali Kremez | Ethical Hacker | Reverse Engineer
zerosum0x0
MalwareTech
albertzsigovits/malware-writeups: Personal research and publication on malware families
kh4sh3i/Ransomware-Samples: Small collection of Ransomware organized by family.
MalShare
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

shells

Online - Reverse Shell Generator
php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell

miscellaneous

CyberChef
WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
4shared.com - free file sharing and storage
Transfer Big Files Free - Email or Send Large Files
Pastebin.com - #1 paste tool since 2002!
Barcode Reader. Free Online Web Application
rot13.com
Vigenere Cipher - Online Decoder, Encoder, Solver, Translator
Brainfuck Language - Online Decoder, Translator, Interpreter
Online JavaScript beautifier
iLovePDF | Online PDF tools for PDF lovers
Compress JPEG Images Online
Compress images online - Reduce your image size online and for free

blogs & resources

blogs

Hacking Articles - Raj Chandel's Blog
Web Security Blog - PortSwigger
The DigiNinja Blog - DigiNinja
Blog | hackers-arise
Home | S3cur3Th1sSh1t
TECH BLOG — Improsec | improving security
Ethical hacking and penetration testing - InfoSec, IT, Kali Linux, BlackArch
Shell is Only the Beginning
ihazomgsecurityskillz
Become a bug bounty hunter - Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
Help Net Security - Cybersecurity News
NCC Group Research Blog | Making the world safer and more secure
Research | Trellix Stories
Andrey Konovalov | Andrey Konovalov
The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0 | NetSec Focus
Guide To Using Reverse Image Search For Investigations - bellingcat

youtube

(6) Marcus Hutchins - YouTube
(6) Black Hat - YouTube
(6) DEFCONConference - YouTube
(6) IppSec - YouTube
(6) John Hammond - YouTube
(6) NetworkChuck - YouTube
(6) The Cyber Mentor - YouTube
(6) HackerSploit - YouTube
(6) David Bombal - YouTube
(6) InsiderPhD - YouTube
(6) jhaddix - YouTube
(6) Tom Hudson - YouTube
(6) STÖK - YouTube
(6) Hak5 - YouTube
(6) Null Byte - YouTube
(6) LiveOverflow - YouTube
(6) NahamSec - YouTube
(6) zSecurity - YouTube

MITRE ATT&CK®

forums

0x00sec - The Home of the Hacker

obfuscation

command prompt

danielbohannon/Invoke-DOSfuscation: Cmd.exe Command Obfuscation Generator & Detection Test Harness

python

Oxyry Python Obfuscator - The most reliable python obfuscator in the world
pyarmor · PyPI
PyObfx/PyObfx: Python Obfuscator & Packer

php

PHP Obfuscator

powershell

danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator
JoelGMSec/Invoke-Stealth: Simple & Powerful PowerShell Script Obfuscator
tokyoneon/Chimera: Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

javascript

JS Obfuscator

C/C++

C/C++ Obfuscator - Obfuscate your C/C++ source code for free and online

.NET

yck1509/ConfuserEx: An open-source, free protector for .NET applications

privilege escalation

windows

PEASS-ng/winPEAS at master · carlospolop/PEASS-ng · GitHub
itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
bitsadmin/wesng: Windows Exploit Suggester - Next Generation
GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

linux

PEASS-ng/linPEAS at master · carlospolop/PEASS-ng · GitHub
rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
The-Z-Labs/linux-exploit-suggester: Linux privilege escalation auditing tool
diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
linted/linuxprivchecker: linuxprivchecker.py -- a Linux Privilege Escalation Check Script

passwords, hashes & wordlists

default passwords

Default Passwords | CIRT.net
List of Router Default Passwords For All Brands [Tried & Tested]

wordlists

Mebus/cupp: Common User Passwords Profiler (CUPP)
danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Assetnote Wordlists
digininja/CeWL: CeWL is a Custom Word List Generator

cracking

Hashkiller.io - List Manager
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
SHAttered
Online Password Hash Crack - MD5 NTLM Wordpress Joomla WPA PMKID, Office, iTunes, Archive, ..
RsaCtfTool/RsaCtfTool: RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
example_hashes [hashcat wiki]
Cmd5 - MD5 Online ,MD5 Decryption, MD5 Hash Decoder
GPUHASH.me - online WPA/WPA2 PMKID cracker and MD5,SHA1,SHA256,MD5CRYPT,NTLM,bcrypt,vBulletin,IPB,BTC/LTC wallet password recovery
Recovery of Password from Office documents (XLSX / DOCX), ZIP files and Hashes (Cisco, SHA1, MD5)
Md5 Online Decrypt & Encrypt - Compare your hash with our Database
Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt hashes for free online

practice

TryHackMe | Cyber Security Training
Hack The Box: Hacking Training For The Best | Individuals & Companies
Vulnerable By Design ~ VulnHub
Web Security Academy: Free Online Training from PortSwigger
OverTheWire: Wargames
Command Challenge!
Proving Grounds: Virtual Pentesting Labs | Offensive Security
Virtual Hacking Labs | Penetration Testing Training Labs & Courses
Hack This Site
PentesterLab: Our exercises
HBH: Learn how hackers break in, and how to keep them out.
Free Cybersecurity Training and Career Development | Cybrary
https://amanhardikar.com/mindmaps/Practice.html